Security Control Assessor SCA

Note: The legacy cybersecurity/information security accreditation governance documents are listed due to the state of transition of network accreditation guidance and the fact that networks may be operating under legacy certification and accreditation guidance.

• Ensure system security requirements are addressed during all phases of DARPA program life cycles (concept development Request for Information (RFI) Request for Proposal (RFP) or BAA Proposal Selection Award Closeout Transition etc..
• Planning preparing and executing inspections authorization and approval (A&A) events IAW with the respective policies detailed in paragraph 3.12.c. for all classifications of networks; to include the development and review of Automated Information System Authorization and Approval Packages.
• Develop review endorse and recommend action by the authorizing official (AO) delegated authorizing official (DAO) or designated approval authority (DAA) for system certification documentation
  • Conduct quality control of system accreditation packages for completeness of accreditation artifacts within 3 business days of receipt from the technology office security staffs or their cleared defense industry contractors and/or participating government agencies.
  • Process authorization and approval or denial documentation to the respective DAPRA AO/DAO/or DAA within 10 business days of receipt of a complete package
• Conduct security control assessments for the evaluation of security controls to determine the extent to which the controls are implemented correctly operating as intended and producing the desired outcome with respect to meeting the security requirements for an AIS
• Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities
• Analyze and make recommendations in support of DARPA accredited network Configuration Control Board cases within 10 calendar days of case validation by the respective networks Information System owner
• Monitor activities of DARPA accredited networks and DARPA DAO Accredited performer networks
• Provide advice assistance and analysis of threats and vulnerabilities and risk mitigation and acceptance recommendations as required. Conduct certification tests that include verification that the features and assurances are functional and support accreditation
• Work collaboratively with the MSO/Information Technology Directorate (ITD) in the authorization and approval and continuous monitoring of DARPA unclassified and classified networks; including but not limited to:

1. DARPA Management Security System (DMSS) Unclassified
2. DARPA Public Network (DPN) Unclassified
3. DARPA Secret Network (DSN)/Secret Internet Protocol Router Network (SIPRNet) Connection up to SECRET Collateral
4. DARPA Joint Worldwide Intelligence Communications System (JWICS) Network (DJN)/JWICS Connections up to TOP SECRET SCI
5. DARPA Secure Wide Area Network (DSWAN) up to SECRET Collateral
6. MultiLevel Security System (SAVANNAH) up to TOP SECRET SAP and SCI

• Review and recommend changes or amplification of policy procedures and strategy development
• Evaluate Information Assurance (IA) products and provide written recommendations as to their risk and usefulness and/or adoption for the DARPA IA mission
• Evaluate information technology (IT) vulnerabilities to assess whether additional safeguards are prudent and ensure certification is accomplished for each information system
• Develop and maintain a formal written Information Systems Security Program SOP
• Ensure all Information System Security Officers (ISSO) network administrators and other Automated Information Security (AIS) personnel to include DARPA performers performing these functions receive the necessary and required technical and security training to carry out their duties
• Ensure development and implementation of an information security education training and awareness program to include attending monitoring and presenting local AIS security training.
• Maintain a repository for all system certification/accreditation documentation and modifications
• Coordinate AIS security inspections tests and reviews
• Prepare policies and procedures for responding to security incidents and for investigating and reporting security violations and incidents
• Ensure proper protection or corrective measures have been taken when an incident or vulnerability has been discovered
• Assess changes in a system its environment or operational needs that could affect the accreditation
• Ensure configuration management (CM) for securityrelevant AIS software hardware and firmware is maintained and documented
• Perform system audits on multiple systems; work closely with system administrators and ensure current security measures are sufficient and in compliance with approved policies and processes
• Perform and conduct training as required for the of secure file transfers/trusted downloads between local systems to storage devices this includes secure down writing of data between systems of different security levels
• Provide technical advice and assistance as required and perform technical oversight on telecommunications requirements for Collateral SAP and SCI systems and networks
• In coordination with SID Emergency Management review and provide AIS security relevant input to DARPA Emergency/Disaster plans and procedures.

Required Skills (Knowledge Skills Abilities)

• Relevant work experience as specified for an Information Assurance Technical (IAT) Level III or Information Assurance Management (IAM) Level II in DoD Manual 8570.1M
• Extensive knowledge of RMF (Risk Management Framework)
• Experience assessing and authorizing various PIT systems (of all classification levels) including but not limited to; space systems manned and unmanned aircraft systems manned and unmanned underwater vessels cyber operation platforms cyber capabilities directed energy systems and handheld battle field orientation electronic devices

Professional Business Functions

• Attend meetings (either locally or outofarea) and create meeting summaries or trip reports
• Prepare and submit meeting minutes on an asrequired basis
• Prepare/present briefings incorporating graphics (if appropriate) for/to SID/ DARPA leaders
• Prepare various security forms associated with their duties
• Assist in entry control and perform escort duties for visitors
• Answer telephones and other modes of administrative communications in the performance of duties
• Perform selfinspections identify security discrepancies and report security incidents
• Perform or support security inspections identify security discrepancies and prepare reports
• Perform courier duties within the continental United States (CONUS)
• Perform userlevel security administrator and information security responsibilities are required and in compliance with US Codes Executive Orders and DoD and DARPA policy
• Perform objective reviews on all documentation encountered during performance of duties

Clearance

• Minimum of active Top Secret (TS)
• TS/SCI strongly desired
• Subject to a random counterintelligence scope polygraphs as a condition of access eligibility.

Years of Experience/Education Requirements

• The Senior Cybersecurity positions require a Bachelors degree in Computer Science or Information Systems with at least 12 years of specific demonstrable and successful experience fulfilling a Cybersecurity role for a DoD or IC customer on similar size and scale.
• A Masters degree in Computer Science or Information Systems may substitute for 4 years of relevant experience.

Certification Requirements

• DoD Approved Baseline Certification as a CISSP IAW DoD 8570.1M

Travel Requirements

• Some travel is required for this position.
• Ability to travel to CONUS and/or OCONUS locations
• Must have active US passport for OCONUS travel requirements

Additional Information

• This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities duties and/or responsibilities that are required for this position that are not listed in this job description.
• In compliance with federal law all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.

• System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.

• System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race color religion age national origin ancestry ethnicity gender gender identity gender expression sexual orientation marital status veteran status disability genetic information citizenship status or membership in any other group protected by federal state or local law.
• Equal opportunity legal notices can be viewed on the following PDFs: EEO is the Law; EEO is the Law Supplement; Pay Transparency Nondiscrimination

Warning: Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a systemhigh or msg.paycomonline email address.